etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
Some installation are failing to authenticate with peers due to etcd picking up/resoling the wrong node. By setting 'etcd_peer_client_auth' to "False" you can disable peer client cert authentication. Signed-off-by: Sébastien Han <seb@redhat.com>
This commit is contained in:
parent
f4fe9e3421
commit
fa8a128e49
3 changed files with 8 additions and 1 deletions
|
@ -20,6 +20,10 @@ bin_dir: /usr/local/bin
|
|||
## This may be the case if clients support and loadbalance multiple etcd servers natively.
|
||||
#etcd_multiaccess: true
|
||||
|
||||
### ETCD: disable peer client cert authentication.
|
||||
# This affects ETCD_PEER_CLIENT_CERT_AUTH variable
|
||||
#etcd_peer_client_auth: true
|
||||
|
||||
## External LB example config
|
||||
## apiserver_loadbalancer_domain_name: "elb.some.domain"
|
||||
#loadbalancer_apiserver:
|
||||
|
|
|
@ -40,3 +40,6 @@ etcd_vault_mount_path: etcd
|
|||
|
||||
# Force clients like etcdctl to use TLS certs (different than peer security)
|
||||
etcd_secure_client: true
|
||||
|
||||
# Enable peer client cert authentication
|
||||
etcd_peer_client_auth: true
|
||||
|
|
|
@ -23,4 +23,4 @@ ETCD_CLIENT_CERT_AUTH={{ etcd_secure_client | lower}}
|
|||
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
||||
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
||||
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||
ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}
|
||||
|
|
Loading…
Reference in a new issue